On 22/12/24 19:53, Michael Tokarev via Postfix-users wrote:
22.12.2024 03:39, Peter via Postfix-users wrote:
On 22/12/24 02:54, Michael Tokarev via Postfix-users wrote:
However, there are other mechanisms being developed, for example OAUTH2,
which, in terms of Cyrus SASL, does not work with saslauthd at all,
I don't see why it wouldn't.
saslauthd has very simple protocol, basically: read(username,password),
write(ok|bad). It doesn't read anything else like dovecot auth does,
it's basically just a password verifier. For any other mechanism, other
components are needed too (eg, client address).
I see, I'm not well versed in cyrus SASL as I've always used dovecot and
find it easy to configure and interface to postfix.
As I already mentioned, people do use other SASL mechanisms with Cyrus
SASL configuration (since dovecot sasl is an integral part of dovecot,
and not everyone uses dovecot).
This implies the assumption that you must already be using Dovecot for
other purposes if you want to use it for a SASL backend, this is
simply not true, and it is very easy to configure Dovecot to act only
as a SAL backend, in fact here is a Dovecot config I use on a server
to do exactly that:
It is not true for you, but not for most others who treat dovecot like
a mailbox storage/access solution (IMAP/POP/etc). Sure it is capable
to provide just the auth part, it's just not what people think about it.
I realize that, but it's fairly easy to implement and easy to configure
dovecot to only provide the SASL backend plus it does appear to be the
most comprehensive, easiest to implement solution for SASL that Postfix
can use at the moment. Perhaps we should make an effort to advertise
this as it would seem to alleviate a lot of your concerns.
On a related note, what do you think of libgsasl as an option? Would
implementing it give added value to Postfix? Would it be worth the
effort and why?
Peter
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
